IoT Security Testing

We are your partner for peace of mind!

Security and data privacy are key enablers for a viable IoT business. Our security testing services can help analyze, assess and qualify your security needs.

umlaut
IoT Hardware Security
Analysis Partner
INCLUDES

Service delivered by umlaut:

  • Review of hardware layout and schematics regarding secure design
  • Verification of interface security: JTAG, SWD, USB, UART, SPI, CAN, I²C
  • Flash ROM, memory analysis
  • Glitching test

The device must be shipped to the main security lab in Germany

BENEFITS

Analysis covers different device hardware security aspects

Pricing depends on IoT device complexity

umlaut
Source Code Security
Analysis Partner
INCLUDES

Service delivered by umlaut:

  • Static analysis, defense in depth
  • Malware, backdoors, suspicious code, least privilege & access control
  • Input validation and data sanitization
  • Session and memory management
  • Compiler options and warnings
  • Error handling and race conditions
  • Weak cryptography
BENEFITS

The analysis covers all important secure coding aspects

Pricing depends on source code size

DEKRA
Cybersecurity
Consultancy Partner
INCLUDES

Service delivered by DEKRA:

  • Covers consultancy services prior to evaluation / certification
  • Includes assessment of security policies in place, gap analysis, vulnerabilities assessment, etc.
  • Applicable to concept, design, manufacturing, and debugging phases
BENEFITS

Ensure compliance with security requirements prior to start of an official evaluation or certification to enable a smooth process

DEKRA
Security Basic
Testing Partner
INCLUDES

Service delivered by DEKRA:

  • Assessment of SW and HW vulnerabilities
  • Optional: Assessment of mobile app or website
BENEFITS

Entry-level security evaluation of IoT devices whose use cases require a low security assurance

DEKRA
Security Advanced
Testing Partner
INCLUDES

Service delivered by DEKRA:

  • Penetration testing (partial) of SW and HW
  • Optional: Penetration testing of mobile app or website
  • Optional: Verification of OWASP API Top 10
BENEFITS

Advanced-level security evaluation of IoT devices whose use cases require a medium security assurance

DEKRA
Security Expert
Testing Partner
INCLUDES

Service delivered by DEKRA:

  • Penetration testing (full) of SW, HW, mobile app or website
  • Evaluation of updating process
  • Evaluation of communications protocols
  • Optional: Verification of OWASP API Top 10
BENEFITS

Full-level security evaluation of IoT devices whose use cases require a high security assurance

DEKRA
Penetration Testing
Testing Partner
INCLUDES

Service delivered by DEKRA:

  • Tailor-made penetration testing based on device features, product characteristics, etc.
  • Covers device (HW & FW), cloud/web services, mobile app
  • Three different approaches: White Box, Grey Box, Black Box
BENEFITS

Cybersecurity evaluation based on manufacturer requirements and processes

Certification requirements for CTIA, ETSI EN 303 645, NIST and/or ioXt Alliance (as needed)

Ensure compliance with security requirements beforehand to enable a smoother certification

umlaut
IoT Device Security Penetration
Testing Partner
INCLUDES

Service delivered by umlaut:

  • Web application security of local WebUI
  • Man-in-the-middle, replay-based attacks
  • Privacy analysis (e.g. GDPR compliance)
  • Secure remote management and backend communication
  • Radio / WiFi / BT encryption & hardening
  • Analysis of third-party libraries and SDKs
  • Firmware reverse engineering
BENEFITS

The pentest covers all wireless, physical and logical interfaces as well as a software, firmware and privacy analysis

Pricing depends on IoT device complexity

umlaut
Mobile App Penetration
Testing Partner
INCLUDES

Service delivered by umlaut:

  • Strong focus on security and privacy
  • Impersonation and authorization bypass
  • Privilege escalation and man-in-the-middle attacks
  • Authentication and backend communication
  • Reverse engineering
  • App storage, logging, cloning
BENEFITS

The pentest covers all important attack vectors of smartphone apps

umlaut
IoT APN Security
Testing Partner
INCLUDES

Service delivered by umlaut:

  • Mobile-to-mobile communication
  • Service discovery from subscriber / SIM card perspective towards network
  • Abuse of the mobile data service to bypass charging
  • Verification of whether malicious UEs can send binary SMS towards remote subscribers
BENEFITS

Assesses mobile-to-mobile communication, core network reachability, charging bypass, and binary SMS

The testing covers all important attack vectors from SIM perspective

umlaut
Backend System Penetration
Testing Partner
INCLUDES

Service delivered by umlaut:

  • Security scans, identification of available services
  • Firewall evasion techniques, vulnerability analysis
  • Intrusive exploitation and verification
  • Extensive brute-force tests
  • Horizontal and vertical privilege escalation
  • Web application penetration testing and OWASP Top 10
BENEFITS

The pentest covers all important attack vectors of backend systems

HARMAN
Connected Healthcare Security
Consultancy Partner
INCLUDES

Services delivered by HARMAN:

  • End-to-end testing for HIPAA, OWASP Top 10 for IoT
  • Risk analysis and mitigation
  • Remediation and security engineering services
  • GDPR compliance
BENEFITS

Assess vulnerabilities and personal data safety

HARMAN
IoT Security Managed Service
SaaS Partner
INCLUDES

Service delivered by HARMAN:

  • IoT application & network monitoring
  • L1 and L2 technical support
  • Asset management SaaS
  • On-site service (Basic and Advanced)
  • Remote operational monitoring
BENEFITS

Proactive threat analysis and compliance monitoring

GDPR compliance

DEKRA
GSMA Cybersecurity
Testing Partner
INCLUDES

Service delivered by DEKRA:

  • Support to perform and complete GSMA IoT Security Guidelines Assessment
  • Includes preparation of Checklist (CLP.17 document) for endpoints, services, and communication networks
  • Optional: Evaluation of compliance with GSMA Security Guidelines
BENEFITS

Compliance with applicable GSMA IoT Security Guidelines

DEKRA
ETSI EN 303 645
Testing Partner
INCLUDES

Service delivered by DEKRA:

IoT security certification according to ETSI EN 303 645, 3 levels of evaluation:

  • Constrained device
  • Normal
  • Full
BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

ETSI EN 303 645 evaluation is a requirement according to ENISA CyberSecurity Act for low assurance level IoT devices

DEKRA
IACS Product Development
Certification Partner
INCLUDES

Service delivered by DEKRA:

  • IEC 62443-4-1 certification
  • Applicable to Industrial Automation and Control System (IACS) device manufacturers
  • Assess the secure product development life cycle

Package options:

  • Maturity level 1: Statement of conformity (no DEKRA Seal)
  • Maturity level 2: Certificate (DEKRA Seal)
BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

The IEC 62443 specification is a globally accepted standard for industrial security

DEKRA
IACS Component Security
Certification Partner
INCLUDES

Service delivered by DEKRA:

  • IEC 62443-4-2 certification
  • Applicable to Industrial Automation and Control System (IACS) devices
  • Product certification
  • IEC 62443-4-1 process evaluation is a pre-requisite
  • Security level 1 and higher covered
  • Statement of conformity
BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

The IEC 62443 specification is a globally accepted standard for industrial security

DEKRA
Common Criteria
Certification Partner
INCLUDES

Service delivered by DEKRA:

IoT security certification according to ISO 15408, 4 levels of evaluation:

  • EAL1
  • EAL2
  • EAL3
  • EAL4
BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

Common Criteria evaluation is a requirement according to ENISA CyberSecurity Act for high assurance level IoT devices

DEKRA
ioXt Alliance
Certification Partner
INCLUDES

Service delivered by DEKRA:

Authorized Lab certification (Black or White Box) for ioXt Alliance, with options:

  • Baseline certification
  • Specific profiles: Android, Mobile App, Network Lighting, Residential Camera, Speaker
BENEFITS

Get the “certified” logo from ioXt Alliance, the fastest growing consortium devoted to ensuring the security of IoT devices

DEKRA
NIST IR 8259
Testing Partner
INCLUDES

Service delivered by DEKRA:

  • IoT security evaluation according to NIST IR 8259 standard
BENEFITS

Recommended for North America / United States

Compliance with IoT security baseline regulatory requirements applicable in the United States

DEKRA
CTIA Cybersecurity
Certification Partner
INCLUDES

Service delivered by DEKRA:

IoT security certification according to CTIA guidelines, 3 levels of evaluation:

  • Level 1 (Core Security)
  • Level 2 (Enhanced Security)
  • Level 3 (Advanced Security)
BENEFITS

Recommended for North America / United States

CTIA IoT Cybersecurity Certification is a requirement for IoT devices intended to operate in North American mobile networks